snakekeylogger | 66a27d30bd7d23c23948d0e34da3eb8b687c32ec5cb5ab030c68b8c60a4e1f74 | Triage

Submit
Reports

Overview

overview

Static

static

3

123b713c4b...18.exe

windows7-x64

123b713c4b...18.exe

windows10-2004-x64

Sharing

General

Target

123b713c4b633da7d380443daaf0a459_JaffaCakes118
Size

771KB
Sample

241004-hb4jhstcme
MD5

123b713c4b633da7d380443daaf0a459
SHA1

3d195ccf4c13c59c09e001bb65e890b7aed6cffa
SHA256

66a27d30bd7d23c23948d0e34da3eb8b687c32ec5cb5ab030c68b8c60a4e1f74
SHA512

c3507e294579fb149dc6439591c4874518c555934562d9cbf6da70189d5d590c8fa10156014719610b9043dc5a53dea3bb1b8062039bc1e2c199d80aac42fb7a
SSDEEP

12288:CfK6n3qGaNHEyC9/oR9gy5FHK7z10PYCHQpeJkoGUkK1uMlSRUpfP1r:CfK6Pp9AR95y5j+kOkKbyUpfPB

Score

10^/10

snakekeylogger discovery keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

123b713c4b633da7d380443daaf0a459_JaffaCakes118.exe

Resource

win7-20240903-en

snakekeylogger discovery keylogger stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

123b713c4b633da7d380443daaf0a459_JaffaCakes118.exe

Resource

win10v2004-20240802-en

snakekeylogger discovery keylogger stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.arfemaluminyum.com.tr
Port:
587
Username:
[email protected]
Password:
nav00v1trwjv
Email To:
[email protected]

Targets

- Target
  
  123b713c4b633da7d380443daaf0a459_JaffaCakes118
- Size
  
  771KB
- MD5
  
  123b713c4b633da7d380443daaf0a459
- SHA1
  
  3d195ccf4c13c59c09e001bb65e890b7aed6cffa
- SHA256
  
  66a27d30bd7d23c23948d0e34da3eb8b687c32ec5cb5ab030c68b8c60a4e1f74
- SHA512
  
  c3507e294579fb149dc6439591c4874518c555934562d9cbf6da70189d5d590c8fa10156014719610b9043dc5a53dea3bb1b8062039bc1e2c199d80aac42fb7a
- SSDEEP
  
  12288:CfK6n3qGaNHEyC9/oR9gy5FHK7z10PYCHQpeJkoGUkK1uMlSRUpfP1r:CfK6Pp9AR95y5j+kOkKbyUpfPB
Score

10^/10

snakekeylogger discovery keylogger stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakekeyloggerdiscoverykeyloggerstealer

behavioral2

snakekeyloggerdiscoverykeyloggerstealer

© 2018-2024

Terms | Privacy